Vulnerabilities > MI
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-21 | CVE-2020-14122 | Insufficient Verification of Data Authenticity vulnerability in MI Miui 12.5.2 Some Xiaomi phones have information leakage vulnerabilities, and some of them may be able to forge a specific identity due to the lack of parameter verification, resulting in user information leakage. | 2.1 |
| 2022-03-10 | CVE-2020-14111 | Insufficient Verification of Data Authenticity vulnerability in MI Ax3600 Firmware 1.0.50/1.1.12 A command injection vulnerability exists in the Xiaomi Router AX3600. | 7.2 |
| 2022-03-10 | CVE-2020-14112 | Information Exposure vulnerability in MI Ax6000 Firmware Information Leak Vulnerability exists in the Xiaomi Router AX6000. | 5.0 |
| 2022-03-10 | CVE-2020-14115 | Insufficient Verification of Data Authenticity vulnerability in MI Ax3600 Firmware 1.0.50 A command injection vulnerability exists in the Xiaomi Router AX3600. | 10.0 |
| 2022-01-18 | CVE-2020-14107 | Out-of-bounds Write vulnerability in MI Xiaomi Mirror Screen A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN. | 5.0 |
| 2022-01-18 | CVE-2020-14110 | Incorrect Authorization vulnerability in MI Ax3600 Firmware 1.0.50 AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | 4.6 |
| 2021-09-16 | CVE-2020-14119 | Command Injection vulnerability in MI Ax3600 There is command injection in the addMeshNode interface of xqnetwork.lua, which leads to command execution under administrator authority on Xiaomi router AX3600 with rom versionrom< 1.1.12 | 10.0 |
| 2021-09-16 | CVE-2020-14124 | Classic Buffer Overflow vulnerability in MI Ax3600 Firmware 1.0.50/1.1.12 There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. | 7.5 |
| 2021-09-16 | CVE-2020-14109 | Command Injection vulnerability in MI Ax3600 Firmware 1.0.50/1.1.12 There is command injection in the meshd program in the routing system, resulting in command execution under administrator authority on Xiaomi router AX3600 with ROM version =< 1.1.12 | 9.0 |
| 2021-09-16 | CVE-2020-14130 | Exposure of Resource to Wrong Sphere vulnerability in MI Xiaomi Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809 | 5.0 |